mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 17:23:00 +00:00

fix login when hosting Pepperminty Wiki in a subdirectory

Starbeamrainbowlabs 2021-09-30 21:26:30 +01:00
parent 7cf545a3ca
commit 4853c1f604
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
3 changed files with 6 additions and 1 deletions


@ -12,6 +12,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
- [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome) - [security] Ensured that the `returnto` GET parameter leads you only to another place on your Pepperminty Wiki instance (thanks, @JamieSlome)
- [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to) - [security] Ensure that Javascript in SVGs never gets executed (it's too challenging to strip it, since it could be lurking in many different places - according to [this answer](https://stackoverflow.com/a/68505306/1460422) even Inkscape doesn't strip all Javascript when asked to)
- [security] Fixed XSS when the `action` GET param doesn't match a known action - [security] Fixed XSS when the `action` GET param doesn't match a known action
- StorageBox: create SQLite DB ifi it doesn't exist explicitly with `touch()`, because some systems are weird
## v0.23 ## v0.23


@ -54,7 +54,9 @@ class StorageBox {
*/ */
function __construct(string $filename) { function __construct(string $filename) {
$firstrun = !file_exists($filename); $firstrun = !file_exists($filename);
$this->db = new \PDO("sqlite:" . path_resolve($filename, __DIR__)); // HACK: This might not work on some systems, because it depends on the current working directory $filename_db = path_resolve($filename, __DIR__);
if(!file_exists($filename_db)) touch($filename_db);
$this->db = new \PDO("sqlite:$filename_db"); // HACK: This might not work on some systems, because it depends on the current working directory
$this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if($firstrun) { if($firstrun) {
$this->query("CREATE TABLE store (key TEXT UNIQUE NOT NULL, value TEXT)"); $this->query("CREATE TABLE store (key TEXT UNIQUE NOT NULL, value TEXT)");
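Review bot: `$firstrun` is still computed from the unresolved `$filename`, while the new `touch()` and the PDO open use `$filename_db`, so the two existence checks can disagree if `path_resolve()` maps the name somewhere other than the current working directory. If `$filename` exists relative to the working directory but not at the resolved path, `touch()` creates an empty database and the `CREATE TABLE store` branch is skipped; in the opposite case the `CREATE TABLE` runs against an existing database. Resolving first and using `$firstrun = !file_exists($filename_db);` keeps them in step. The return value of `touch()` is also ignored and the file is created with the process's default umask, so it is worth failing loudly when it returns `false` and confirming the resulting permissions are what the deployment expects for this store. The constructor body continues past the end of this section.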


@ -129,6 +129,8 @@ register_module([
// Ref https://guides.codepath.com/websecurity/Session-Fixation // Ref https://guides.codepath.com/websecurity/Session-Fixation
session_regenerate_id(true); session_regenerate_id(true);
send_cookie(session_name(), session_id(), time() + $settings->sessionlifetime);
// Update the environment // Update the environment
$env->is_logged_in = true; $env->is_logged_in = true;
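Review bot: The attributes of the cookie carrying the regenerated session ID now depend on `send_cookie()`, which is not visible in this section. When session cookies are enabled, `session_regenerate_id(true)` already emits its own Set-Cookie using the session cookie parameters, and the added call sends a second one for the same name. Please confirm that `send_cookie()` sets HttpOnly, Secure (on HTTPS) and SameSite, and uses the same path as the session cookie parameters; otherwise the new ID could land in a cookie with weaker flags, or the browser could hold two session cookies with different paths. A short why-comment above the call would help, for example `// Re-send the session cookie ourselves: needed when the wiki is served from a subdirectory`. The login handler starts and ends outside this section.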